Same old, same old

We could start to vote for the security breach of the week. We would never be shy of nominees. What is worse however is that it does not make sense to vote on a corresponding security leak of the week. Recent analysis shows that it’s almost always failure to implement basic security settings. The hit …

What is cybersecurity? – Or are you fully buzzword compliant yet?

Every year they’ll chase a different pig through the village, as we say in German. This year in IT security it is cybersecurity. The United States in particular has funded research on this topic and created frameworks as if there is no tomorrow. There are conferences brimming with enticing titles like “Meet the rock stars of …

What happens with all the stolen data?

I had lunch with a colleague lately who was wondering what happens with all the stolen information from data breaches, where we have seen quite a few lately. Latest breaches included personal information like credit card data, identity data, and fingerprints… A research article on DLP products published in the July/August 2015 IEEE Security and Privacy magazine arrives at …

The economics of selling security vulnerabilities – or there is a market for everything

When I studied Economics in the 90s, Gary S. Becker received the Nobel Prize for his extension of the microeconomic analysis to include human behavior and social aspects including marriage, discrimination and for example having sex with your spouse. That raised a few eyebrows back then. Nowadays I am wondering when an economist will publish …

How do you stay up to snuff on security?

Security is such a vast topic and there is always a new attack on the horizon. I am interested to hear what other security experts read on a regular basis. In this blog I have put together which newsletters I try (:-)) to read on a daily basis. https://www.ieee.org/membership-catalog/productdetail/showProductDetailPage.html?product=PER338-EDC&searchResults=Y (the IEEE flagship magazine on privacy …

Security is important – or why every CSO wants to bang their head against a wall

Recently I met former co-students at a reunion, and told them that my area of expertise is security. Everybody agreed that I must work in a hot area and be in for a great career. Well, really? Latest polls indicate that (cyber) security is the topmost concern to upper management especially when moving technology …

Advanced persistent threats – or the new cyberwarfare

Advanced persistent threats (APTs) are the stealth undercurrent of the daily news on security attacks. IT breaches where data get stolen are so prominent that APTs are getting mentioned but overlooked. APTs are developed and initiated by organizations with an almost unlimited amount of resources. They have highly skilled and incredibly smart people. They have …

The crypto currency Bitcoin – or trust as the key concept of IT security

Suppose someone tells you that there is a brand new way of secure paying via the internet. The new technology is hyped and after slow adoption has now seen quite a media buzz and is being used by a growing number of companies and private people. Suppose that your conversational partner further tells you that …

Security Anonymous – the twelve step program :-)

I have long been nagged by colleagues to start a Security Anonymous group. So here is an introduction including a twelve-step program: Need help with a security problem? If you are concerned with a security problem and wish to learn more about Security Anonymous, read on further. Security Anonymous is a self-help group for people …

Internet pillory – what we need to learn from the Ashley Madison hack

We seem to hear about a major data breach at a company on a daily basis. Either the media is reporting more or the number of publicly known attacks rises or both. What can we learn from these reports? It is always data and application that adversaries are after. Although this is a no-brainer, we …